Add directive ssl_prefer_server_ciphers (#143)
This commit is contained in:
parent
e3902b6cb2
commit
c730f522f1
@ -380,6 +380,7 @@ nginx_http_template:
|
||||
dhparam: /etc/ssl/private/dh_param.pem
|
||||
protocols: TLSv1 TLSv1.1 TLSv1.2
|
||||
ciphers: HIGH:!aNULL:!MD5
|
||||
prefer_server_ciphers: true
|
||||
session_cache: none
|
||||
session_timeout: 5m
|
||||
trusted_cert: /etc/ssl/certs/root_CA_cert_plus_intermediates.crt
|
||||
|
@ -192,6 +192,7 @@ nginx_http_template:
|
||||
dhparam: /etc/ssl/private/dh_param.pem
|
||||
protocols: TLSv1 TLSv1.1 TLSv1.2
|
||||
ciphers: HIGH:!aNULL:!MD5
|
||||
prefer_server_ciphers: true
|
||||
session_cache: none
|
||||
session_timeout: 5m
|
||||
trusted_cert: /etc/ssl/certs/root_CA_cert_plus_intermediates.crt
|
||||
|
@ -66,6 +66,9 @@ server {
|
||||
{% if item.value.ssl.ciphers is defined and item.value.ssl.ciphers %}
|
||||
ssl_ciphers {{ item.value.ssl.ciphers }};
|
||||
{% endif %}
|
||||
{% if item.value.ssl.prefer_server_ciphers is defined and item.value.ssl.prefer_server_ciphers %}
|
||||
ssl_prefer_server_ciphers on;
|
||||
{% endif %}
|
||||
{% if item.value.ssl.session_cache is defined and item.value.ssl.session_cache %}
|
||||
ssl_session_cache {{ item.value.ssl.session_cache }};
|
||||
{% endif %}
|
||||
|
Loading…
Reference in New Issue
Block a user